technically, sensibly stored passwords are *hashed*, not *encrypted*. an encrypted password can be converted back into the plain text password, where hashing is only one-way, meaning that the password cannot be extrapolated from the hashed version stored on a server.
Any sensible person would salt the hashed passwords after that, otherwise you can easily work backwards to find out every password You can still work backwards from hashing
No, you can't work backwards from hashing (given that you're using a secure algorithm). barnstormer322 is right. Salting is only so the same hashes don't appear for the same passwords in a database. If someone's password was "12345", and 5 people used it, all of the hashes would be the same. That's why hashes are salted. Nonetheless, you really shouldn't be doing crypto yourself anyway. I recommend using a strong hashing algorithm like bcrypt.
Nothing is one way. The difference is that encryption uses a key to hide passwords. WIth said key you can turn them back *easy*. Hashing does not have a key, but uses a chain of mathematical functions that are *easy* to calculate in order, but very *hard* in reverse.
+Simon WoodburyForget there is very much a thing called a stupid question, if I blatantly knew your name was Simon and I asked, 'is your first name Chris?'. Then would this lead to a great discovery, no. It is a stupid question since I already knew your name.
Considering they keep saying "encryption" (encrypting passwords is insanely bad practice), I'm not surprised. They *really* missed the mark on this video.
Tip : if a website sends you your password if your click " password forgoten" . STAY AWAY ! Websites that practice good security DO NOT KNOW WHAT YOUR PASSWORD IS !
How is he dumb? That's a valid point. I signed up for a website and it emailed me my login information (with password) in plain text. I immediately changed it to something random, and looked for a way to delete my account, and emailed them.
423million i meant if they send you password in text, instead of asking for a reset or sending a temporary password. Websites like amazon or Facebook are designed in such a way that they don't know what your password is
This sort of blunder is actually depressingly common. Even with big companies that should really know better: www.troyhunt.com/content/images/2016/02/46624661SNAGHTML3928683.png From: www.troyhunt.com/lessons-in-website-security-anti/
"Websites like amazon or Facebook are designed in such a way that they don't know what your password is" Never trust that any company, no matter how big, is managing your passwords correctly. LinkedIn and Adobe couldn't be bothered to do it right; a lot of other companies probably aren't doing it right either. Use random passwords and a password generator. Full stop. (Passwords really need to die as a form of authentication, long term.)
Top tip: If a website emails you your password on account creation (or you clicked Forgot Password), it's probably not encrypted in their DB - so change it to something unique if it isn't already.
"Linus, new TechQuickie video is about passwords and encryption. What sponsor should we use?" "Hm.... SQUARESPACE! BUILD I-" "No. Screw it, lets go with TunnelBear."
Your point at 3:14 is false. Any password, be it "welcome123", "iL1k3biGbuTt5z@" or a string of any length is the same amount of characters when properly hashed and salted. Edit: since it seems you haven't done a video about this subject yet, I'd love to see something like "hashing vs encryption" and how most websites (*should*) store password.
The point is that a hash is usually cracked by hashing different combinations of characters and comparing with the original. As such a longer password will usually result in the password taking longer to crack, since it will take more tries to guess. It is certainly true that the hash length is constant, but the password may still be orders of magnitude harder to crack if it is longer.
+goustune Rainbow tables only work if you don't use salt. Even with MD5, adding salt defeats rainbow tables. Not that it matters in the case of MD5 since it's so broken.
0:53 "[passwords] are supposed to be encrypted, right? Well yes" Not quite (for reasons already mentioned in the comments), but a techquickie episode on hashing and cryptography as a whole would be really interesting.
Passwords often arent "encrypted", but instead hashed. This means that any password with any length gets transformed in a string like "f396czf7". You pracitically cant undo hashing, but you have to use a database of clear-hashed data-pairs.
I read about a case (in Canada, I think) where a young hacker was held in contempt of court for refusing to tell the authorities his encrypted computer's password. Apparently it was something like 50 characters long and not even the FBI could get into it. I would think that this would violate something with pleading the fifth (not being forced to self incriminate) but I don't know if Canada has that.
An easy way to have multiple unique and secure passwords is to use Pass-Phrase. A pass phrase contains multiple words which can reach up to 30 characters or even more. Easy to remember, nearly impossible to crack using brute force because the possibilities are much higher than your usual 8 characters limits.
passwords are often hashed and stored on a database for a website making them unreadable. But if the hashes gets stolen or leaked a "hacker" can just hash all the common passwords till the hash of your password matches one of the passwords on their commom password list. This is a dictionary attack but hackers can use broteforce aswell. So they dont decrypt anything, they hash words they think might be your password and see if the hash matches with your leaked password hash.
I remember getting a text from Bank of America saying that an attempt to access my account was made from an unknown location, that my funds were frozen until I verified the new access point by visiting an in store location, or entering my SSN. I thought to myself, "I've got like $150 to my name, who would try to steal that?" Then I thought " usually SSN verification only ask for the last 4 digits." I pondered for a bit then realized " I don't even have Bank of America account...".
I think it would be cool to see a video explaining why exactly GPUS are better than CPUS at cracking passwords/encryption. I know the general idea, which is that GPUs just do math differently than CPUs, but I'm not clear on the specifics.
2:17 Wow you accidentally got a keylogger installed on your computer. I fell for a phishing attack once myself too, my antivirus flagged it and then I rechecked the page and realized I had accidentally downloaded and ran a malicious program.
3:21 Once they have the hashed password I think it's just a matter of time before they get the real one, even if it's a very strong hash. I believe (correct me if I'm wrong) using a very strong hash is just to buy more time so the user has more time to change there password before the hacker cracks it. All they have to do is run every combination of characters through the hash until they get a match; a very simple strait forward brought force. But they will probably use a more sophisticated brought force hack that tries passwords with words first.
Regardless of the choice of characters available, length is the most important factor in making a strong password. The smaller the number of allowed characters, the more important length becomes. Having said that, using words for your password, while allowing you to remember long passwords more easily, also in effect reduces the length of the password (if the attacker is using a dictionary to generate the password attempts); if you're using words, make sure there are many of them.
I have recently switched to useing Keepass to generate new passwored for all the new sites that i go on and slowly changeing all the other sites that i curently use. I think this is fantastic tool for anyone looking for a somewhat secure way to store your passwords localaly.
The cool thing is, since UA-cam is Google owned, when you type your Google account password associated with UA-cam in the comments, it automatically protects it. For example, my password is ********. Pretty smart
+Asentrix Holy fuck you're weeb huh I bet you're stupid (not because you're a weeb) OMFG I know what Heartbleed is, how it works and how to exploit it. It was discovered in 2014 (not 2010) and yes, it's (mostly) patched Heartbleed lets you see memory, in many cases unencrypted In the video he showed an image with the Heartbleed logo, following some stuff about *encrypted* passwords, while Heartbleed lets you see them *unencrypted*
Some clarity between the difference between encryption and hashing would have been nice. Any well made website will salt and hash your password rather than encrypt it. Encryption can be reversed with the decryption key, hashing cannot be reversed meaning a strong password would still be safe in the event of a database breach.
These are part of the issue, but so are some websites. Issue there is HTTPS usage (obvious for most users though) security of the password database, software issues relating to functions like heartbleed, poodle, etc. Harder to do, but there is also session hijacking and MITM attacks that in right cases could be pulled off though are more complex. I saw on Computer phile that if you deal with a website that has a password reset and it sends you the password then the database is not secure. Then there are other things too like even if it is encrypted it could be intercepted or pulled from the hashed database then compared to rainbow tables, brute force attacks, etc.
Switch on 2 step authentication. That way, if someone else has your password, they still can't get in unless they have something you have (like your phone) :)
Hey Linus what about apps like 1password? I switched to this a few months ago. And I'm pretty happy with it. It let you create completely random passwords as long as 20 characters long.
Just to make this clear (because I hear that a lot): using 12345 as password is not less secure than a 10-digit-random password from the encryption side of things. They are equally hard to decrypt if properly saved (as hash). The point why you should not use it, is this said social engineering part. It's way too easy to guess. But as said, has nothing to do with the encryption
0:56 Encryption is actually very insecure, they _should_ be hashed. Hashes are one way, while encryptions are two way. Encryptions only have one input for every output, let's say I put in" bob" and get "908347gfg84" No matter what I put as an input, I will never get "908347gfg84" again, and therefor, someone who has access to the encrypted text can easily crack the password. When your password is hashed, there is no guarantee that there isn't already an output exactly like that. For example, "bob" could output "sdf3" but "jim" could also output "sdf3" So if a hacker gets access to the hashed string, there is no definite way to know for sure what the input was.
Linus: look at John Oliver's interview with Edward Snowden. Snowden discusses online security and passwords and reviews what not to do. Great resource, great cross reference for your viewers to see. This is of course about your follow-up video you mentioned.
Hi guys i'm in seak of help : i live in france and have seen a qwerty keyboard on amazon but keyboards over here are azerty and i'm used to azerty so i was wondering that if i bougth the qwerty keyboard if i could change the positions of keycaps so take the QW keys out and replace them by AZ keys , of course i'dd then change the letters so it corresponds ?
Most good online services use the cryptographic hash function which is really hard to reverse so servers never store your password and in the case of an attack, the attacker wouldn't be able to do anything.
If you want to put a password that would be hard to obtain use 24 characters. That way even if the hacker wanted to steal all of the data from a server they wouldn't be able to go pass 13 characters because of rainbow tables
technically, sensibly stored passwords are *hashed*, not *encrypted*. an encrypted password can be converted back into the plain text password, where hashing is only one-way, meaning that the password cannot be extrapolated from the hashed version stored on a server.
Any sensible person would salt the hashed passwords after that, otherwise you can easily work backwards to find out every password
You can still work backwards from hashing
No, you can't work backwards from hashing (given that you're using a secure algorithm). barnstormer322 is right. Salting is only so the same hashes don't appear for the same passwords in a database. If someone's password was "12345", and 5 people used it, all of the hashes would be the same. That's why hashes are salted.
Nonetheless, you really shouldn't be doing crypto yourself anyway. I recommend using a strong hashing algorithm like bcrypt.
zyx Exactly, that's why you can work backwords from hashing using some guesswork
Nothing is one way. The difference is that encryption uses a key to hide passwords. WIth said key you can turn them back *easy*. Hashing does not have a key, but uses a chain of mathematical functions that are *easy* to calculate in order, but very *hard* in reverse.
Hashed _and_ salted. Otherwise, rainbow tables or lookup tables can be used to reverse engineer the hashed passwords ;)
Why can't everyone just be nice to one another?
I agree!
P.S. That wont happen!!
bc the Internet
If everyone was mean to each other, then it would cancel out making everyone happy. Lets try that for a change.
+Simon WoodburyForget there is very much a thing called a stupid question, if I blatantly knew your name was Simon and I asked, 'is your first name Chris?'. Then would this lead to a great discovery, no. It is a stupid question since I already knew your name.
+Simon WoodburyForget no stupid question, only stupid answer
1:30 they use backslashes, that is how you can tell it is fake
Considering they keep saying "encryption" (encrypting passwords is insanely bad practice), I'm not surprised. They *really* missed the mark on this video.
"passwords get stolen when you stream them"
Lol
HoweverMagnetTime5$, would you say that's a secure password?
WAN
+86BuzzSaw it is really secure one
Shots fired XD
Tip : if a website sends you your password if your click " password forgoten" . STAY AWAY ! Websites that practice good security DO NOT KNOW WHAT YOUR PASSWORD IS !
I am very certain that they mean the original password they used when registering and not the temporary password.
How is he dumb? That's a valid point. I signed up for a website and it emailed me my login information (with password) in plain text. I immediately changed it to something random, and looked for a way to delete my account, and emailed them.
423million i meant if they send you password in text, instead of asking for a reset or sending a temporary password. Websites like amazon or Facebook are designed in such a way that they don't know what your password is
This sort of blunder is actually depressingly common. Even with big companies that should really know better: www.troyhunt.com/content/images/2016/02/46624661SNAGHTML3928683.png
From: www.troyhunt.com/lessons-in-website-security-anti/
"Websites like amazon or Facebook are designed in such a way that they don't know what your password is"
Never trust that any company, no matter how big, is managing your passwords correctly. LinkedIn and Adobe couldn't be bothered to do it right; a lot of other companies probably aren't doing it right either.
Use random passwords and a password generator. Full stop. (Passwords really need to die as a form of authentication, long term.)
This is why I don't use the Internet at all.
Ever?
well you posted this...
Which is totally how you posted this comment
+Person 666 I guess someone doesn't use sarcasm at all either
Pretty sure he replied in a semi-sarcastic manner too so he probably did get the joke.
Hey Linus, love these videos heaps. Good job on getting 1m subs here. I can't help but notice how much you over simplified this video.
Looks like LTT wanted to get more info on how they got hacked.
: )
they got acess to his sim card he said it himself
+Rey Vargas that was for the website, the Twitter account was hacked using a backup password
No, through his sim they got access to both twitter and his email (which allowed them to change the destination of the domain)
Top tip: If a website emails you your password on account creation (or you clicked Forgot Password), it's probably not encrypted in their DB - so change it to something unique if it isn't already.
my password is iforgotmypassword
but I change it just now
"Linus, new TechQuickie video is about passwords and encryption. What sponsor should we use?"
"Hm.... SQUARESPACE! BUILD I-"
"No. Screw it, lets go with TunnelBear."
This is the most meta video you've made linus.
Your point at 3:14 is false. Any password, be it "welcome123", "iL1k3biGbuTt5z@" or a string of any length is the same amount of characters when properly hashed and salted.
Edit: since it seems you haven't done a video about this subject yet, I'd love to see something like "hashing vs encryption" and how most websites (*should*) store password.
The point is that a hash is usually cracked by hashing different combinations of characters and comparing with the original. As such a longer password will usually result in the password taking longer to crack, since it will take more tries to guess. It is certainly true that the hash length is constant, but the password may still be orders of magnitude harder to crack if it is longer.
that'd be a great video
But in reality most website still use md5 and therefore rainbow table are in action.
+goustune Rainbow tables only work if you don't use salt. Even with MD5, adding salt defeats rainbow tables. Not that it matters in the case of MD5 since it's so broken.
How to make the best password ever:
Get a keyboard
And smash it
Congrats on a million subs John and Dennis!
Linus seem yellow to anyone??
+Olvr haha!
Orange
Green
racist.
He's kind of green with flux on.
I been waiting for the tunnelbear advertisement all the video.
0:53 "[passwords] are supposed to be encrypted, right? Well yes"
Not quite (for reasons already mentioned in the comments), but a techquickie episode on hashing and cryptography as a whole would be really interesting.
Good guy linus, gets hacked, shows people how to be careful
can't wait on that follow up video. password management is a very interesting topic for you guys to cover. keep up the good work!
Passwords often arent "encrypted", but instead hashed. This means that any password with any length gets transformed in a string like "f396czf7". You pracitically cant undo hashing, but you have to use a database of clear-hashed data-pairs.
Brandon's Post-It note with his passwords under his desk during moving vlog....
For a little over a year I have used a password manager, which I always use the maximum length the site will allow.
I read about a case (in Canada, I think) where a young hacker was held in contempt of court for refusing to tell the authorities his encrypted computer's password. Apparently it was something like 50 characters long and not even the FBI could get into it. I would think that this would violate something with pleading the fifth (not being forced to self incriminate) but I don't know if Canada has that.
This scares me about my online habits and if I've inadvertently given up information...yikes!
1 million suscribers ! Contratulations Linus and his friends ! :)
An easy way to have multiple unique and secure passwords is to use Pass-Phrase. A pass phrase contains multiple words which can reach up to 30 characters or even more. Easy to remember, nearly impossible to crack using brute force because the possibilities are much higher than your usual 8 characters limits.
I guess someone really wanted to suggest a topic for techquickie :D
You forgot to say not to stream your password live on twich.
passwords are often hashed and stored on a database for a website making them unreadable. But if the hashes gets stolen or leaked a "hacker" can just hash all the common passwords till the hash of your password matches one of the passwords on their commom password list. This is a dictionary attack but hackers can use broteforce aswell. So they dont decrypt anything, they hash words they think might be your password and see if the hash matches with your leaked password hash.
Wait! I know this! This is what happens when you use Aircrack-ng for WiFi hacking. Hahaha
I remember getting a text from Bank of America saying that an attempt to access my account was made from an unknown location, that my funds were frozen until I verified the new access point by visiting an in store location, or entering my SSN. I thought to myself, "I've got like $150 to my name, who would try to steal that?" Then I thought " usually SSN verification only ask for the last 4 digits." I pondered for a bit then realized " I don't even have Bank of America account...".
I think it would be cool to see a video explaining why exactly GPUS are better than CPUS at cracking passwords/encryption. I know the general idea, which is that GPUs just do math differently than CPUs, but I'm not clear on the specifics.
CPUs can solve extremely complex problems quickly. GPUs can solve millions of tiny problems quickly.
Next techquickie episode: How to look like you have jaundice.
Nice to see Linus not in drag for a change, lol!
I really like what Linus is trying to do here. Awareness !! Well done
1 mil subs.. CONGRATS!
2:17 Wow you accidentally got a keylogger installed on your computer. I fell for a phishing attack once myself too, my antivirus flagged it and then I rechecked the page and realized I had accidentally downloaded and ran a malicious program.
Congratulations on 1 million subscribers :)
3:21 Once they have the hashed password I think it's just a matter of time before they get the real one, even if it's a very strong hash. I believe (correct me if I'm wrong) using a very strong hash is just to buy more time so the user has more time to change there password before the hacker cracks it. All they have to do is run every combination of characters through the hash until they get a match; a very simple strait forward brought force. But they will probably use a more sophisticated brought force hack that tries passwords with words first.
Techquikie congratulations on a million subs
Regardless of the choice of characters available, length is the most important factor in making a strong password. The smaller the number of allowed characters, the more important length becomes.
Having said that, using words for your password, while allowing you to remember long passwords more easily, also in effect reduces the length of the password (if the attacker is using a dictionary to generate the password attempts); if you're using words, make sure there are many of them.
I have recently switched to useing Keepass to generate new passwored for all the new sites that i go on and slowly changeing all the other sites that i curently use. I think this is fantastic tool for anyone looking for a somewhat secure way to store your passwords localaly.
You should've put something about how terribly some servers store their passwords, like plain text and MD5.
The cool thing is, since UA-cam is Google owned, when you type your Google account password associated with UA-cam in the comments, it automatically protects it.
For example, my password is ********. Pretty smart
those passwords at 2:45 tho 😂
U right lol
3:08
[picture of the Heartbleed logo visible]
Actually, you can get unencrypted/unhashed passwords using Heartbleed
EESTI!! :D
+Asentrix
Holy fuck you're weeb huh
I bet you're stupid (not because you're a weeb) OMFG
I know what Heartbleed is, how it works and how to exploit it.
It was discovered in 2014 (not 2010) and yes, it's (mostly) patched
Heartbleed lets you see memory, in many cases unencrypted
In the video he showed an image with the Heartbleed logo, following some stuff about *encrypted* passwords, while Heartbleed lets you see them *unencrypted*
Asentrix
Your Engrish is even worse
Why are you being so toxic anyways?
@rebane2001:
He's just an angry troll, probably from 4chan, around ~18-23 years old (just a wild guess), with some ties to the Anonymous network.
Stagskull It's only one of my channels :P
nice heartbleed cameo!
All I know is that the person who keylogs me is gonna get some good ass "body studying content"
CONGRATS FOR 1000000 SUBS LINUS!!!!!!!!!!!
Linus, you resolved your Twitter hack within 10 hours? Wow. How?
Did you just roast poodlecorp? savage
gr8 grammar m8 and yes he did
oh shit i just saw that, edited!
Angelo Kalfas np XD
+Angelo Kalfas he got keylogged
+Silica No, it was a social engineering scam
2:24 These hackers are getting younger and younger
Congrats with 1 mill subs
this video is painfully ironic... you would know all about this wouldn't you linus?
lol ikr
It would've been ironic if it were made before the hack.
What's wrong with learning from experience?
+Reaperrz I know lol I thought they actually were some real haxors
Some clarity between the difference between encryption and hashing would have been nice. Any well made website will salt and hash your password rather than encrypt it. Encryption can be reversed with the decryption key, hashing cannot be reversed meaning a strong password would still be safe in the event of a database breach.
This channels keeps sending me notifications even though it's turned off on my phone wtf!?!?!?
Odds are you'll make a Techquickie for something we didn't need...
Congrats with 1 mill
LINUS YOU'RE IN MY HOMEWORK
These are part of the issue, but so are some websites. Issue there is HTTPS usage (obvious for most users though) security of the password database, software issues relating to functions like heartbleed, poodle, etc. Harder to do, but there is also session hijacking and MITM attacks that in right cases could be pulled off though are more complex.
I saw on Computer phile that if you deal with a website that has a password reset and it sends you the password then the database is not secure.
Then there are other things too like even if it is encrypted it could be intercepted or pulled from the hashed database then compared to rainbow tables, brute force attacks, etc.
First episode in almost 9 months.
I use the names of the Three Stooges. Hackers always forget there were six of them.
Haha, linus calling the newbie hackers out!
Switch on 2 step authentication. That way, if someone else has your password, they still can't get in unless they have something you have (like your phone) :)
Hey Linus what about apps like 1password? I switched to this a few months ago. And I'm pretty happy with it. It let you create completely random passwords as long as 20 characters long.
Just to make this clear (because I hear that a lot): using 12345 as password is not less secure than a 10-digit-random password from the encryption side of things. They are equally hard to decrypt if properly saved (as hash). The point why you should not use it, is this said social engineering part. It's way too easy to guess. But as said, has nothing to do with the encryption
I once made a password that instead of qwerty, it was sqwerty
**insert lenny face**
"password" was once the most used password.
Um. Linus, do you have jaundice, or do Dennis need to calibrate his screen?
0:56 Encryption is actually very insecure, they _should_ be hashed. Hashes are one way, while encryptions are two way. Encryptions only have one input for every output, let's say I put in" bob" and get "908347gfg84" No matter what I put as an input, I will never get "908347gfg84" again, and therefor, someone who has access to the encrypted text can easily crack the password. When your password is hashed, there is no guarantee that there isn't already an output exactly like that. For example, "bob" could output "sdf3" but "jim" could also output "sdf3" So if a hacker gets access to the hashed string, there is no definite way to know for sure what the input was.
This also means that no one who has access to the servers knows your password, as well, your password is never stored.
FYI: MalwareBytes is not blocking the Amazon shopping link.
I'm watching this at 1.25x speed. I'm used to the crazy old school fast speaker Linus
Maybe in the future websites will be able to activate your phone/computer's camera and use facial recognition software to log you onto a website.
Walmart.com only allows 12 characters for passwords. They're also the only ones that I've had real problems with.
Linus: look at John Oliver's interview with Edward Snowden. Snowden discusses online security and passwords and reviews what not to do. Great resource, great cross reference for your viewers to see. This is of course about your follow-up video you mentioned.
Hi guys i'm in seak of help : i live in france and have seen a qwerty keyboard on amazon but keyboards over here are azerty and i'm used to azerty so i was wondering that if i bougth the qwerty keyboard if i could change the positions of keycaps so take the QW keys out and replace them by AZ keys , of course i'dd then change the letters so it corresponds ?
Most good online services use the cryptographic hash function which is really hard to reverse so servers never store your password and in the case of an attack, the attacker wouldn't be able to do anything.
And that's why I use 2 Step Authentication.
for what non-illegal task would you use tunelbear?
I noticed that sneak diss.. savage
Passwords get stolen when shown on stream.
How to milk money from your own mistakes, this is why linus earns so much :D
You should do a video on AMD Hypertransport to explain it better
I have learnt this the hard way way back in the past
Wait linus got keylogged? I thought he just got hit with the sim card cheese?
Why are all stock image robbers white
+The Everyicated Gamer because hack people can't black
because people would call them racist if they were colour or black
white collar crime
LAST PASS program.
Use always use special symbols, space, random carhaters
did this in the middle of the WAN show ?? hahahaha
Tunnel Bear! You get your keyloggers now over AES-256 encrypted!
:D xD ROFL
So Linus and GradeA talked about the same things in the same day.....
What lights are you using? The light quality is not good
Hmm, wonder why TechQuicke is talking about how passwords are stolen...
I guess we'll never know
Hehe
Does it help if you use different account names on different sites?
Congratulations on 1m subs
Hey !! Great Video, Very interesting ,..
Did You Get a Tan ??
If you want to put a password that would be hard to obtain use 24 characters. That way even if the hacker wanted to steal all of the data from a server they wouldn't be able to go pass 13 characters because of rainbow tables
4:02 Hey Linus, how did you guess my password??
fuck.
I use a double verification method on most sites i'm using, meaning that you'll need my phone to log in on most sites
Minute 3,second 12:
That's Heartbleed :D A security fail of Heartbeat extension in some OpenSSL version... :3
Linus, Stop cutting corners! Where is the 4k option?? I left 1080p streaming back in 2014. Get a grip!